Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/11098277-95a7-4f99-bb91-f65381696681.roa
File: 11098277-95a7-4f99-bb91-f65381696681.roa (raw, json)
Hash identifier: xRE3GcMHx00fGkDgLlCIPXR1pFwg8cgzlPRwpSfUO2A=
Subject key identifier: 70:42:A4:59:14:53:ED:D8:2F:1D:97:D7:5C:CA:72:A1:06:B1:85:6F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2658865DBEFA4CB8D6126E22F6A4730208F37941
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/11098277-95a7-4f99-bb91-f65381696681.roa
Signing time: Mon 11 May 2026 01:40:39 +0000
ROA not before: Mon 11 May 2026 01:40:39 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:1000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
26:58:86:5d:be:fa:4c:b8:d6:12:6e:22:f6:a4:73:02:08:f3:79:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:39 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=c945e6426d924ee13d9a5a0155e5c56ad3ac75166fbee335fd163ceca15d93e2, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:d8:31:9d:25:96:04:f1:01:90:bf:e8:05:2e:
75:8c:82:a3:49:62:6c:3f:30:e7:19:51:ee:4a:15:
46:ea:3b:5b:c9:86:86:bb:78:ea:2d:6c:89:8f:04:
b5:44:6c:da:77:20:a1:7e:b9:50:bc:5d:c3:df:d9:
81:fe:28:f8:c0:7a:83:b5:a7:dc:d3:5d:77:ed:de:
33:5f:85:4a:f6:70:6d:d9:0c:95:a1:d1:1b:81:b5:
85:9a:43:aa:cc:a7:72:a9:33:54:08:8c:92:bd:76:
a0:c2:2f:ca:5b:dd:36:65:f2:c9:65:43:e2:02:d8:
e6:28:94:ec:16:f3:38:df:ae:27:b8:49:15:5c:b3:
90:2b:4f:da:dc:c6:6f:1b:18:9b:cb:86:9c:98:27:
e0:ce:9c:3f:66:4e:02:06:89:d6:33:66:98:fd:97:
85:c0:ac:eb:dc:62:ce:7a:33:f4:d9:33:43:58:1c:
0a:19:c2:02:a8:c5:2a:fe:f9:84:49:36:45:2a:54:
9b:17:e0:b4:8e:5b:df:f5:67:f9:d0:bd:50:69:10:
48:37:d7:89:a0:12:94:9b:b9:d8:2a:f4:7e:36:27:
aa:2c:59:41:b9:d4:3f:fc:87:20:f2:9e:e4:d5:61:
22:3c:5d:ab:2e:48:33:c6:87:24:d1:96:01:43:9d:
6c:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:42:A4:59:14:53:ED:D8:2F:1D:97:D7:5C:CA:72:A1:06:B1:85:6F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/11098277-95a7-4f99-bb91-f65381696681.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:1000::/36
Signature Algorithm: sha256WithRSAEncryption
c0:69:2d:f6:34:17:2b:a3:79:7e:5b:41:d0:b8:b0:85:df:f4:
ac:51:1a:08:3b:ac:1c:55:88:89:26:05:0d:bb:d5:63:fb:1a:
2f:ed:5a:2f:9c:d3:d0:a8:d2:6b:fc:de:7c:5b:70:c2:f6:c3:
57:17:64:d6:25:93:ea:2d:ee:0b:ae:b7:2a:a0:96:8f:67:70:
02:68:7c:f4:e9:6a:fd:9e:9d:7d:b2:c5:81:5d:15:2a:b8:63:
6f:b7:da:2c:d1:b5:41:fd:76:47:4c:0a:82:55:a2:1f:db:e4:
29:99:bb:5d:9f:df:cf:d6:db:cd:7c:3a:17:c0:f4:11:26:a3:
c0:b4:5a:c7:d9:59:53:64:8f:36:2e:11:16:1d:d1:0a:b2:5f:
49:08:0e:4e:f0:0f:be:2d:9e:9b:0f:f6:3c:da:f0:e6:e6:d6:
e0:9e:7e:31:4e:35:dd:2a:f5:c8:52:0b:9f:a7:65:73:76:9b:
c3:d2:5a:6b:5b:db:b1:b8:4f:54:fd:80:4b:12:6c:c8:1d:85:
52:e8:b8:14:06:6a:13:cf:4b:8e:4a:ce:c2:9d:cc:88:f3:6f:
1a:f0:a0:02:70:a3:7c:14:6c:09:6c:39:68:f3:8b:13:5e:21:
44:9e:13:e2:ee:d6:a1:33:e2:ef:33:c2:a8:db:7e:98:99:e7:
76:a2:d3:1b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJliGXb76TLjWEm4i9qRzAgjzeUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMzlaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5NDVlNjQyNmQ5MjRlZTEzZDlhNWEwMTU1ZTVjNTZhZDNhYzc1MTY2ZmJl
ZTMzNWZkMTYzY2VjYTE1ZDkzZTIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3YMZ0llgTxAZC/6AUudYyCo0libD8w5xlR7koVRuo7W8mGhrt46i1siY8E
tURs2ncgoX65ULxdw9/Zgf4o+MB6g7Wn3NNdd+3eM1+FSvZwbdkMlaHRG4G1hZpD
qsyncqkzVAiMkr12oMIvylvdNmXyyWVD4gLY5iiU7BbzON+uJ7hJFVyzkCtP2tzG
bxsYm8uGnJgn4M6cP2ZOAgaJ1jNmmP2XhcCs69xiznoz9NkzQ1gcChnCAqjFKv75
hEk2RSpUmxfgtI5b3/Vn+dC9UGkQSDfXiaASlJu52Cr0fjYnqixZQbnUP/yHIPKe
5NVhIjxdqy5IM8aHJNGWAUOdbJ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRwQqRZ
FFPt2C8dl9dcynKhBrGFbzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MTEwOTgyNzctOTVhNy00Zjk5LWJiOTEtZjY1MzgxNjk2NjgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8MQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDAaS32NBcro3l+W0HQuLCF3/SsURoIO6wcVYiJ
JgUNu9Vj+xov7VovnNPQqNJr/N58W3DC9sNXF2TWJZPqLe4LrrcqoJaPZ3ACaHz0
6Wr9np19ssWBXRUquGNvt9os0bVB/XZHTAqCVaIf2+Qpmbtdn9/P1tvNfDoXwPQR
JqPAtFrH2VlTZI82LhEWHdEKsl9JCA5O8A++LZ6bD/Y82vDm5tbgnn4xTjXdKvXI
Ugufp2VzdpvD0lprW9uxuE9U/YBLEmzIHYVS6LgUBmoTz0uOSs7CncyI828a8KAC
cKN8FGwJbDlo84sTXiFEnhPi7tahM+LvM8Ko236Ymed2otMb
-----END CERTIFICATE-----
Generated at Wed May 13 00:56:04 2026 by rpki-client